摘要
论文针对当前社会各部门信息化建设过程中,基于Web的信息系统不断增多的发展现状,设计了一种可以统一进行用户授权管理的系统。系统通过Web Service完成各系统的服务调用,通过DWR与各信息系统交互信息,完成底层协议适配。将各系统的资源和菜单在同一权限管理中进行注册,并通过用户属性建立角色,形成基于角色的访问策略,从而完成用户权限统一分配。在此基础上,通过协议适配接口完成系统日志上报,完成用户行为跨信息系统的审计,完成对用户行为的管理。
In this paper, based on the current development situation of increasing Web information systems during information construction in all sectors ofonp society, a kind of user authorization management system was designed. The system could realize service call and information interaction through WebService and DWR; could register each system’s resources and menus based on the same authority management, establish roles using user attributes and form a role-based access policy, so as to complete the unified allocation of user rights; could realize system logs submission through protocol adaptation interface and audit of user behavior of cross information system.
出处
《网络空间安全》
2017年第10期27-30,共4页
Cyberspace Security
关键词
授权
用户管理
审计
authorization
user management
auditing